I am the president and CEO of Aveksa, a leading provider of business-driven Identity and Access Management software solutions. I'm an accomplished, results-driven software executive with over 20 years of experience in global sales operations, marketing, business development, consulting, product management and engineering. Prior to joining Aveksa, I held senior management positions at BMC Software, BladeLogic, RishiSoft, and Cabletron. I've been awarded six patents in the U.S. and internationally for my work in IT management software systems. I hold a BSEE from IIT India, an MSCE from the University of Massachusetts, and an MBA in Marketing and Finance from Boston University School of Management.

The Top Three Cybersecurity Threats You Aren't Considering

Ten years ago, in an effort to highlight the increasing danger of digital threats, the Department of Homeland Security established October as National Cybersecurity Awareness Month. In the time since, the threat landscape has changed significantly, as sophisticated, state-sanctioned “hacktivists” and online organized crime syndicates have emerged from relative obscurity to become a major impediment to enterprise vitality. Now that National Cybersecurity Awareness Month is officially over I think it’s pertinent to discuss the issues facing IT security and the initiatives needed to combat them as we close out the year and look forward to 2014.

Meeting the Malicious

Today’s most dangerous threat is what I deem “The Malicious.” Not primarily concerned with financial gain, these sophisticated Internet marauders target a specific enterprise. Maybe they have some misguided notion of vigilante “hacktivisim” (Anonymous) or maybe they are (enemy) nation states concerned with seizing intellectual property or interrupting operations. Either way, their primary goal is to disrupt the day-to-day at the targeted organization for as long as possible. Take, for example, the recent hacks of the Syrian Electronic Army and their threats following a potential U.S. troop ground involvement. They were motivated not by profit, but the championing of a political cause. They are often dangerous, skilled and determined.

In order to combat “The Malicious,” it’s imperative the business employ a proactive approach in tackling the threats. Too many enterprises rely on a “corrective” method, where they attempt to remove the intruder after there has been a detected breach. But these attackers are sophisticated and fast moving, and a reliance on this tactic would be too little too late—the damage already done. A “preventive” approach, however, would monitor chatter for abnormalities, detect and then eliminate the threat before it occurs.

However, there is one important caveat to add. Although the “corrective” vs. “preventative” approach is a sound defense against would-be hacks, a small percentage of the time the attacker is so sophisticated that it’s nearly impossible to detect abnormalities until after the breach occurs. Obviously, in this rare instance, a “corrective” approach must be deployed. Consider the “preventative” as your primary line of defense, supported, in the case of emergencies, by the “corrective.”

Finding the Fraudster

Unlike their “malicious” counterparts, the fraudsters solely seek monetary benefits in the form of credit card information, bank accounts and Social Security numbers, often resorting to gimmicks like phishing schemes to gain access credentials. Like most crooks, they choose the path of least resistance, opting to waltz into the local bank than bust down the doors of Fort Knox. The solution here is obvious—don’t make the business an easy target for the less-lethal but nevertheless profit-seeking criminals.

To do this, the enterprise must track, detect and be on alert for suspicious activity. One such method would be to monitor employee access account activity in applications. If an account is suddenly gaining access to an application or data that is unnecessary to fulfill their job duties, there is the potential that account has been compromised. Knowing who has proper access to what can help assure that the theft of sensitive information is minimized. This, in turn, creates a business that is harder to exploit and will help to keep the fraudsters searching elsewhere.

Although their motives may be different, a common thread between the fraudster and the malicious is their exploitation of weak enterprise security systems. When National Cybersecurity Awareness Month was first established, it was possible to deter online criminals with in-house solutions, or in case of a breach, act quickly to remove them. A decade ago, it was enough to simply warn unaware enterprises about the presence of online criminals. Unfortunately, this is no longer the case, and a different, more pro-active solution is need.

One such answer is an Identity and Access Management (IAM) platform, designed to help enterprises monitor, manage and control access to mission-critical applications and data across the enterprise. As I’ve explained in this article and countless others, Internet ne’er-do-wells often exploit an unknown vulnerability, such as orphan accounts, to gain access. IAM provides a firm knowledge of access privileges and appropriate user accounts, making it possible to efficiently monitor improper access. IAM has risen in popularity in the past decade precisely because of its ability to help prevent and combat today’s fraudsters and the malicious. I highly recommend enterprises consider it.

I can only imagine how cybersecurity will evolve over the next 10 years, but here’s hoping we IT Security professionals continue to stay ahead of the curve.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.